Security & trust

Encryption

Data is encrypted in transit using TLS. At rest, briefs and transcripts are stored in Airtable and recordings with Recall.ai — both encrypt data at rest by default.

Access controls

Access to customer data is restricted to what is needed to operate the service, protected by authentication and least-privilege access. Your briefs are visible only to your account and the team members you invite.

Infrastructure

Briefpad runs on Vercel. Call transcription is handled by Recall.ai (US West 2 region), and AI processing by Anthropic (Claude API) to generate briefs and the Claude Code prompt. We use reputable infrastructure providers rather than managing servers ourselves.

Call recording & consent

Briefpad only records calls you invite it to. You remain responsible for ensuring everyone on a call is informed it is being recorded and that any consent required by law is obtained before Briefpad joins. We make the bot’s presence visible rather than hidden.

Data retention & deletion

Call transcripts and generated briefs are retained for as long as your account is active; if you cancel, they are deleted within 30 days. You can request deletion of your data at any time by emailing joseph@briefpad.io.

Sub-processors

We share data only with the providers needed to run the service: Recall.ai (call recording and transcription), Anthropic (AI brief generation), n8n (automation), Airtable (data storage), Typeform (pre-call forms) and Google Workspace (email notifications). See our Privacy Policy for full detail.

Compliance

We process personal data in line with UK GDPR. You can exercise your data-protection rights — access, correction, deletion and more — by contacting us.

Reporting a concern

Found a security issue, or have a question about how your data is handled? Email joseph@briefpad.ioand we’ll respond promptly.